From: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Date: Sun, 10 Feb 2019 21:49:13 +0000 (+0100)
Subject: mt76: usb: fix possible NULL pointer dereference in mt76u_mcu_deinit
X-Git-Tag: v5.1-rc1~178^2~131^2~58^2~13
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=bdba48d57a5509a6531e162394f157250d893aaf;p=linux.git

mt76: usb: fix possible NULL pointer dereference in mt76u_mcu_deinit

Fix possible NULL pointer dereference in mt76u_mcu_deinit routine that
can occur if initialization path fails before calling mt76u_mcu_init_rx

Fixes: ee676cd5017c ("mt76: add driver code for MT76x2u based devices")
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
---

diff --git a/drivers/net/wireless/mediatek/mt76/usb_mcu.c b/drivers/net/wireless/mediatek/mt76/usb_mcu.c
index 036be4163e69..9527e1216f3d 100644
--- a/drivers/net/wireless/mediatek/mt76/usb_mcu.c
+++ b/drivers/net/wireless/mediatek/mt76/usb_mcu.c
@@ -48,9 +48,11 @@ EXPORT_SYMBOL_GPL(mt76u_mcu_init_rx);
 
 void mt76u_mcu_deinit(struct mt76_dev *dev)
 {
-	struct mt76_usb *usb = &dev->usb;
+	struct mt76u_buf *buf = &dev->usb.mcu.res;
 
-	usb_kill_urb(usb->mcu.res.urb);
-	mt76u_buf_free(&usb->mcu.res);
+	if (buf->urb) {
+		usb_kill_urb(buf->urb);
+		mt76u_buf_free(buf);
+	}
 }
 EXPORT_SYMBOL_GPL(mt76u_mcu_deinit);